Hi at all! I am trying to use single sign on openssh with kerberos. The authentication part is already working. Now I have the problem of receiving a token after the login. As far as I understand this is the job of pam_afs_session.so. So here is my system-auth which is included in /etc/pam.d/ssh
auth required pam_env.so
auth [success=ok default=1] pam_krb5.so try_first_pass
auth [default=done] pam_afs_session.so
auth sufficient pam_unix.so likeauth nullok try_first_pass
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account sufficient pam_krb5.so
account sufficient pam_ldap.so
account sufficient pam_localuser.so
account required pam_unix.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2
retry=3
password sufficient pam_krb5.so
password sufficient pam_unix.so nullok use_authtok shadow md5
password required pam_deny.so
session optional pam_krb5.so
session sufficient pam_afs_session.so
session optional pam_ldap.so
session sufficient pam_unix.so
But pam_afs_session.so is posting following error:
sshd[22617]: (pam_afs_session): no token program set in PAM arguments
This error message is comming twice. I would say for auth and session. I am
really out of ideas especially because everything is working fine with a local
login. I can't see the difference to the ssh login because the auth part with
krb is working AND I do have the krb token after login. A simple aklog is
enough to receive the token and I can acces my home directory ...
help is really appreciated, g
Mueli
--
----------------------------------------------------------------------
______
Michael Hammer / |
GPG-Key-ID: 0x1BA5F0DE \______|
GPG-Fingerprint: ||
8704 11D1 048A 2F24 89D0 6B9E 3EC4 6EDF 1BA5 F0DE ||
phone: +43 (0) 650 86 33 55 8 ||
Graz - AUSTRIA ||
http://www.michael-hammer.at/ [EMAIL PROTECTED] ~~
----------------------------------------------------------------------
pgpXUp7nhTLhj.pgp
Description: PGP signature
